I've got a nice juicy problem, for those who like such things. I've got a 3-server network (Windows 2003; integrated AD), none of which can resolve IP addresses anymore. I can ping specific addresses, but not URLs.

The problem appears to have been caused by MS patch installations, pushed out via patch management software (GFI). The symptoms indicate that "dcdiag /fix" or "netdiag /fix" should resolve it, but it has not. I've been chasing error messages (both from event viewer & results of dcdiag & netdiag).

I tried removing patches, but wasn't sure if I succeeded in that, or not.

I tried to rebuild the TCP/IP stack on one of the servers, and nearly lost the server completely. (The standard "all you got to do is" netsh fix didn't work for me, either.)

Because DNS troubleshooting generates a lot of data, I'm not going to start flooding SW with it, un-prompted. (Let me know if there's something of particular interest...be glad to post.)

Most "amusing" - SERVER #3 is my DNS server for the office; the only DNS outlet my workstations have, and it's serving up resolution 'sweet as a nut.' But, the server itself can't resolve a thing. (Yes, it's pointing to its own IP address for resolution, and has my ISP's DNS for forwarders.)

What happens when you set the server's DNS settings to your ISP or OpenDNS or something? Does it resolve then, or still no joy?

Patrick, thanks for asking. Alas, no Joy! I have tried that, and I still can't resolve; however, when I'm using the ISP's DNS, nslookup does work. (I'm using CNN as my target for testing, and it came up with a goodly list of servers, as I'd expect.)

Just to be clear, are you unable to resolve BOTH internal and external IPs?

Good distinction; I can resolve internal...but, I'm using WINS, hosts & lmhosts. As a note, before the patches, I was only using WINS. The hosts files helped the servers see each other, once the problems started. Thanks.

What are you setting as the gateway IP on each of the DNS servers? What are you using for your gateway devices and can those devices resolve external IPs?

The gateway IP for all devices is our firewall (NetGear FVX538). It can resolve IPs, and appears to be passing all traffic correctly. When I plug in an IP address to a browser, the sites do pull up. (Sometimes chopped up, depending on the design of the site.)

I think the firewall gets a pass, as I can't imagine the scenario which would allow IP traffic through, but not DNS resolution; and, as DNS resolution is working for the workstations, I think it's the DNS Client on the servers that got hosed by the updates. Not sure if I explained that well....

Wow...Could you be specific on what MS Patches caused this fun for you? Sounds like something killed DNS resolution. Please post what you find as this is a perplexing issue and I cannot think of any other suggestions other than what has been mentioned.

Good, I just wanted to rule out anything on your edge.

Originally you stated that you were getting error messages. Can you post some error messages that are not generalized?

You could try to uninstall the network card and remove the drivers, then reboot and reinstall the drivers/software.

I've done this before when there were weird network card problems. Don't see why it would blue screen, but you can obviously expect the server to be down while you do this.

I think I'll try this next (after hours, for reasons you note!). But, I think I'll spend a few minutes getting the drivers parked on the server's hard-drive, in advance! :-)

Any ideas about making sure drivers/files get replaced?

Yeah, just make sure you uninstall the software (Broadcom, Intel, whatever) and then go into Device Manager and uninstall the network card. Then reboot. When Windows tries to do that add/remove hardware wizard, just cancel it and reinstall the driver package that you (hopefully) downloaded beforehand.

To all who responded: thank you all for the comments & suggestions. After much frustration, I went medieval on it, and melted down my servers, and rebuilt the domain. (If this sounds like a PITA, um, yes it was.)

But, at this point, I'm back to a stable platform with two DCs (instead of my money-saving one DC config). I like all the responses, but, since I'm not sure what the "real" solution (or even the "real" problem) was, I'm unsure how to credit the question.

Though abandoning this topic does leave me feeling a bit hollow, at least the practical issues are resolved.

Thanks again.

All the best...
